Commit Graph

2 Commits

Author SHA1 Message Date
chiguyong 57f4ee9ac0 refactor: remove Any from tools/ + skills/ (220 sites)
Wave 3 Any governance:
- tools/ 146 sites: bitable_tool(20), computer_use(16), schema_tools(14), shell(7), builtin(7), file_read(8), calendar_tool(8), web_crawl(6), computer_use_recorder(6), ask_human(5), baidu_search(5), web_search(5), base(5), memory_tool(3), skill_search(3), function_tool(3), skill_install(3), document_tool(4), mcp_tool(4), output_parser(2), advance_phase(2), search(2), composition(2), agent_tool(2), headroom_retrieve(2), terminal_session(1), registry(1)
- skills/ 74 sites: geo_pipeline(23), base(18), pipeline(13), schema(8), skill_detail(6), skill_md(6) + 3 F401 fixes

Strategy: dict[str,object] > object > TYPE_CHECKING Protocol
Tests: 577 passed, 0 regressions
ruff: 13 errors (all pre-existing, 0 new)
2026-07-01 04:52:57 +08:00
chiguyong bbbf9cd40a feat(bitable): add bitable companion service with full P0-P2 fixes
Bitable is a multi-dimensional table companion service that runs alongside
the main AgentKit server. It provides structured data storage with formula
fields, views, and ingestion pipelines.

Major components:
- Domain models (Pydantic v2): Table, Field, Record, View, RecalcTask
- SQLAlchemy 2 async ORM with independent bitable PostgreSQL schema
- Formula engine: AST parser, DAG, Kahn topological sort, safe eval
- RecalcWorker: atomic task claiming (FOR UPDATE SKIP LOCKED), topo-order
  processing, stale-threshold reaper for crash recovery
- REST API (/api/v1/bitable): tables, fields, records, views, files
- BitableTool: agent-facing tool with batch chunking (500/batch)
- CLI: agentkit bitable subcommands (create, list, import-excel, etc.)
- Frontend: Vue 3 + vxe-table grid with field management, views, filters
- Ingestion: Excel (openpyxl), database reflection, API collector

Security fixes (ce-code-review P0 + ce-debug P1):
- SQL injection prevention (field_id validation, parameterized queries)
- IDOR protection (_check_table_ownership on all table-level endpoints)
- SSRF prevention (URL scheme + private IP validation in parse_excel_url)
- OOM prevention (streaming file upload, batch delete, batch insert)
- Atomic recalc task claiming (FOR UPDATE SKIP LOCKED)
- Formula engine cache invalidation on field changes
- Composite cursor pagination for non-id sort orders
- Batch upsert (eliminates N+1 queries)
- Sync I/O offloaded to thread pool in async contexts
- Internal token auth (X-Internal-Token, hmac.compare_digest)
- PK unique index enforcement

Test coverage: 88 unit tests (95 skipped without Docker)
2026-06-25 01:09:59 +08:00